Nagstamon: Information disclosure

Nagstamon: Information disclosure A vulnerability in Nagstamon could expose user credentials to a remote attacker. nagstamon 2014-01-06 2014-01-06 476538 remote 0.9.11_rc1 0.9.11_rc1

Nagstamon is a Nagios status monitor application.

Nagstamon’s automatic request to check for updates includes plaintext username and password information for one of the monitor servers that the Nagstamon instance connects to.

A remote attacker could eavesdrop on this request and gain user credentials for a monitor server.

There is no known workaround at this time.

All Nagstamon users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-analyzer/nagstamon-0.9.11_rc1"

CVE-2013-4114 underling creffett